Vulnerabilities > Critical

| DATE | CVE | VULNERABILITY TITLE | VECTOR | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|
| 2025-02-11 | CVE-2025-0180 | The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3. | network | low complexity | CWE-269 | critical 9.8 |
| 2025-02-11 | CVE-2025-0181 | The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7. | network | low complexity | CWE-288 | critical 9.8 |
| 2025-02-11 | CVE-2025-1177 | Deserialization of Untrusted Data vulnerability in Xunruicms 4.6.3. A vulnerability was found in dayrui XunRuiCMS 4.6.3. | network | low complexity | xunruicms, CWE-502 | critical 9.8 |
| 2025-02-10 | CVE-2024-13011 | The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'upload_publisher_profile_image' function in versions up to, and including, 4.7. | network | low complexity | CWE-434 | critical 9.8 |
| 2025-02-08 | CVE-2025-0316 | The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. | network | low complexity | CWE-288 | critical 9.8 |
| 2025-02-07 | CVE-2025-25163 | Path Traversal vulnerability in Pluginab Plugin A/B Image Optimizer. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer allows Path Traversal. | network | low complexity | pluginab, CWE-22 | critical 9.8 |
| 2025-02-07 | CVE-2025-25167 | Missing Authorization vulnerability in Blackandwhitedigital Bookpress 1.2.7. Missing Authorization vulnerability in blackandwhitedigital BookPress – For Book Authors allows Exploiting Incorrectly Configured Access Control Security Levels. | network | low complexity | blackandwhitedigital, CWE-862 | critical 9.8 |
| 2025-02-07 | CVE-2025-1061 | The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. | network | low complexity | CWE-288 | critical 9.8 |
| 2025-02-06 | CVE-2024-51450 | IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | network | low complexity | CWE-78 | critical 9.1 |
| 2025-02-05 | CVE-2025-20124 | A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. | network | low complexity | CWE-502 | critical 9.9 |